CN118093025A - Diskless starting server, client and starting method - Google Patents


Publication number: CN118093025A
Authority: CN (China)
Prior art keywords: diskless, locatehandle, protocol, subfunction, client
Legal status: Pending
Application number: CN202211430477.4A
Other languages: Chinese (zh)
Inventor: 李郧成
Current assignee: Chengdu Lingzhifeng Network Technology Co ltd
Original assignee: Chengdu Lingzhifeng Network Technology Co ltd


Abstract

The invention discloses a diskless starting server, a client and a starting method. The server holds a diskless starting program for the client to download, and the client has the TPM enabled by default. When the client downloads and executes the diskless starting program, the program modifies the original LocateHandle subfunction under the BootServices function before performing any other operation. The new LocateHandle subfunction contains all the contents of the original LocateHandle subfunction and adds one check: if the protocol being looked up is a TCG protocol, it returns that the TCG protocol is not supported; otherwise it executes the old LocateHandle subfunction. The method suits scenarios where the diskless system does not need trusted computing and the client has the TPM enabled by default: the system boots directly without external intervention, and users do not have to change the default BIOS setting on each machine by hand.

Description

Diskless starting server, client and starting method
Technical Field
The invention relates to the field of diskless starting, in particular to a diskless starting server, a client and a starting method.
Background
Diskless software works as follows: a server provides read-write service for a disk image. The image initially holds only a stock operating system and contains no client hardware drivers (different clients may need different hardware drivers). At startup the client emulates a disk, and the data of that disk is read over the network from the disk image on the server.
In most cases where a TPM is present, the motherboard must have the TPM enabled for installation and startup to proceed normally, and most new motherboards default to UEFI boot mode with the TPM enabled. In a diskless environment, however, enabling the TPM on the motherboard changes the loading flow of the Windows device drivers, normal dynamic PnP cannot take place, and Windows cannot start normally.
Manually changing the TPM setting in the BIOS firmware restores the original behaviour, but this has to be done by hand on every client, which is cumbersome. Diskless boot therefore needs to work even when the TPM is enabled by default.
Disclosure of Invention
The invention aims to overcome the defects of the prior art and provides a diskless starting server, a client and a starting method.
The aim of the invention is realized by the following technical scheme:
The invention provides a diskless starting server comprising a diskless starting program for a client to download, where the client has the TPM enabled by default;
when the diskless starting program is downloaded and executed by the client, it modifies the original LocateHandle subfunction under the BootServices function before performing any other operation;
the modification consists of creating a new LocateHandle subfunction and changing the address of the LocateHandle subfunction under the BootServices function to the address of the new LocateHandle subfunction;
the new LocateHandle subfunction contains all the contents of the original LocateHandle subfunction and adds one check: if the protocol being looked up is a TCG protocol, it returns that the TCG protocol is not supported; otherwise it executes the old LocateHandle subfunction.
Further, the protocol being looked up is a TCG protocol specifically when the protocol GUID being looked up is the TCG1.0 protocol GUID or the TCG2.0 protocol GUID.
In a second aspect of the present invention, there is provided a diskless boot client, which has the TPM enabled by default, including:
a diskless starting program downloading module, used to download the diskless starting program from the diskless starting server; and a diskless starting program execution module, used to execute the downloaded diskless starting program;
The diskless starting program execution module includes:
Function modification submodule: when the diskless starting program is executed, it modifies the original LocateHandle subfunction under the BootServices function before performing any other operation; the modification consists of creating a new LocateHandle subfunction and changing the address of the LocateHandle subfunction under the BootServices function to the address of the new LocateHandle subfunction; the new LocateHandle subfunction contains all the contents of the original LocateHandle subfunction and adds one check: if the protocol being looked up is a TCG protocol, it returns that the TCG protocol is not supported; otherwise it executes the old LocateHandle subfunction.
Further, the diskless starting program execution module also includes:
System default boot submodule: executes the system boot files after the original LocateHandle subfunction has been modified; while the system boot files run, their lookup of the TCG protocol goes through the new LocateHandle subfunction, and once they receive the reply that the TCG protocol is not supported they perform no operations related to the TPM security chip;
Kernel loading submodule: performs system initialization using the kernel program file after the system default boot submodule has finished;
Network card loading submodule: after the kernel loading submodule has finished, uses the PNP configuration driver module to identify the devices on the bus and install the network card driver.
Further, the system boot files comprise a first system boot file bootmgfw.efi and a second system boot file winload.efi; the first system boot file bootmgfw.efi is executed first, followed by the second system boot file winload.efi; both the first system boot file bootmgfw.efi and the second system boot file winload.efi use the new LocateHandle subfunction.
Further, the protocol being looked up is a TCG protocol specifically when the protocol GUID being looked up is the TCG1.0 protocol GUID or the TCG2.0 protocol GUID.
In a third aspect of the present invention, there is provided a diskless starting method for a diskless starting client, where the client has the TPM enabled by default, and the method includes the following steps:
acquiring a diskless starting program from a diskless starting server;
executing the diskless starting program;
Executing the diskless starting program specifically includes a function modification substep:
When the diskless starting program is executed, it modifies the original LocateHandle subfunction under the BootServices function before performing any other operation; the modification consists of creating a new LocateHandle subfunction and changing the address of the LocateHandle subfunction under the BootServices function to the address of the new LocateHandle subfunction; the new LocateHandle subfunction contains all the contents of the original LocateHandle subfunction and adds one check: if the protocol being looked up is a TCG protocol, it returns that the TCG protocol is not supported; otherwise it executes the old LocateHandle subfunction.
Further, executing the diskless starting program also includes:
System default boot substep: after the function modification substep has been executed, the system boot files are executed; while the system boot files run, their lookup of the TCG protocol goes through the new LocateHandle subfunction, and once they receive the reply that the TCG protocol is not supported they perform no operations related to the TPM security chip;
Kernel loading substep: after the system default boot substep has finished, system initialization is performed using the kernel program file;
Network card loading substep: after the kernel loading substep has finished, the PNP configuration driver module is used to identify the devices on the bus and install the network card driver.
Further, the system boot files comprise a first system boot file bootmgfw.efi and a second system boot file winload.efi; the first system boot file bootmgfw.efi is executed first, followed by the second system boot file winload.efi; both the first system boot file bootmgfw.efi and the second system boot file winload.efi use the new LocateHandle subfunction.
Further, the protocol being looked up is a TCG protocol specifically when the protocol GUID being looked up is the TCG1.0 protocol GUID or the TCG2.0 protocol GUID.
The beneficial effects of the invention are as follows:
(1) An exemplary embodiment of the present invention suits scenarios where the diskless system does not need trusted computing and the client has the TPM enabled by default; what is claimed is a server, a client and a method whose diskless starting program includes the instructions that modify the LocateHandle subfunction. After the client downloads the diskless starting program, the LocateHandle subfunction is modified before the normal boot flow runs, so the TPM is bypassed and trusted computing is not started in the operating system; the system boots directly without external intervention, and users do not have to change the default BIOS setting on each machine by hand.
(2) A further exemplary embodiment of the invention discloses the corresponding working steps after the modification.
Drawings
Fig. 1 is a schematic diagram of connection between a diskless start-up server and a server according to an exemplary embodiment of the present invention.
Detailed Description
The following description of the embodiments of the present invention will be made apparent and fully understood from the accompanying drawings, in which some, but not all embodiments of the invention are shown. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
In the description of the present invention, it should be noted that directions or positional relationships indicated as being "center", "upper", "lower", "left", "right", "vertical", "horizontal", "inner", "outer", etc. are directions or positional relationships described based on the drawings are merely for convenience of describing the present invention and simplifying the description, and do not indicate or imply that the apparatus or elements to be referred to must have a specific orientation, be constructed and operated in a specific orientation, and thus should not be construed as limiting the present invention. Furthermore, the terms "first," "second," and the like are used for descriptive purposes only and are not to be construed as indicating or implying relative importance.
In the description of the present invention, it should be noted that, unless explicitly specified and limited otherwise, terms "mounted," "connected," and "connected" are to be construed broadly, and may be, for example, fixedly connected, detachably connected, or integrally connected; can be mechanically or electrically connected; can be directly connected or indirectly connected through an intermediate medium, and can be communication between two elements. The specific meaning of the above terms in the present invention will be understood in specific cases by those of ordinary skill in the art.
In addition, the technical features of the different embodiments of the present invention described below may be combined with each other as long as they do not collide with each other.
First, the following technical vocabulary is explained:
PXE (Preboot Execution Environment), a pre-boot execution environment, also referred to as a pre-execution environment, provides a mechanism for booting a computer using a network interface (Network Interface). This mechanism allows the computer to boot independently of the local data storage device (e.g., hard disk) or the locally installed operating system.
UEFI (Unified Extensible Firmware Interface), the unified extensible firmware interface, is a personal computer system specification that defines the software interface between the operating system and the system firmware as a replacement for BIOS. The extensible firmware interface is responsible for the power-on self test (POST), handing off to the operating system, and providing the interface that connects the operating system to the hardware.
TPM (Trusted Platform Module): a TPM security chip is a security chip conforming to the TPM standard, which can effectively protect a PC and prevent access by unauthorized users. Services such as BitLocker Drive Encryption and Windows Hello can use it to securely create and store encryption keys and to confirm that the operating system and firmware on the device are as expected and have not been tampered with. It is typically a separate chip on the motherboard, but the TPM 2.0 standard allows manufacturers such as Intel or AMD to build TPM functionality into the chipset without a separate chip. TPM has existed for over 20 years and has been part of computers since around 2005. In 2016, TPM version 2.0 became the standard version for new computers. Across the revisions since the TPM specification was first released, two international standards were produced, ISO/IEC 11889:2009 (TCG 1.2) and ISO/IEC 11889:2015 (TCG 2.0); the specification defines the TPM architecture, structures, commands, supporting routines and so on.
Boot loader: the diskless boot program, a piece of code that runs before the operating system kernel runs. It first initializes the system hardware, including setting the clock, mapping memory regions and setting the stack pointer; it then copies the operating system kernel from the flash area to RAM, jumps to the kernel entry point and hands control of the system to the operating system, after which the running system has nothing further to do with the Boot loader. In normal use the Boot Loader loads the operating system into RAM from some solid-state storage on the target machine (the server side) and runs it, and the whole process requires no user intervention.
PnP stands for Plug-and-Play. PnP automatically configures boards and other devices in the computer and then tells the corresponding devices what to do. Its task is to match physical devices with their software device drivers and to operate the devices so that a communication channel is established between each device and its driver. PnP is the system's technology for automatically detecting peripherals and boards and automatically installing device drivers, so that a device can be used as soon as it is plugged in, without manual intervention; it is built into Windows. With Plug-and-Play, the operating system sets the system configuration automatically when a peripheral that conforms to the PnP standard, such as a PC card, is installed in the computer. When a user installs new hardware there is no longer any need to set jumper switches or to configure the interrupt request (IRQ), memory address or direct memory access (DMA) channel in software; Windows notifies applications of the hardware change and automatically resolves conflicts between IRQs, memory addresses and DMA channels.
A diskless network is a network in which none of the workstations has a hard disk installed and all of them boot from a network server. Diskless network systems can be used in network classrooms, enterprise internal LANs, internet cafes, hotels, the song-ordering entertainment industry, and the construction and conversion of any diskless network. Diskless software works as follows: a server provides read-write service for a disk image. The image initially holds only a stock operating system and contains no client hardware drivers (different clients need different hardware drivers). At startup the client emulates a disk, and its data is read over the network from the disk image on the server.
In a diskless network environment, loading the client's C drive depends on the network card driver being loaded. In most cases where a TPM is present, the motherboard must have the TPM enabled for installation and startup to proceed normally, and most new motherboards default to UEFI boot mode with the TPM enabled. In a diskless environment, however, enabling the TPM on the motherboard changes the loading flow of the Windows device drivers, so the network card's PnP function fails and Windows cannot start normally.
Specifically, in the prior art, the normal boot flow with the TPM not enabled is as follows:
bootmgfw.efi -> winload.efi -> ntoskrnl.exe -> PNP configuration driver module -> pci.sys -> network card driver
In the exemplary embodiments below, bootmgfw.efi and winload.efi are the "system boot files", ntoskrnl.exe is the "kernel file", and the PNP configuration driver module, pci.sys and the network card driver are the "network card load files".
The boot manager (bootmgfw.efi) first loads the BCD file and reads all the boot entries from the BCD. If there are several boot entries and no default entry, a menu is displayed. When the user selects one of the boot entries, the boot manager reads winload.efi from the corresponding partition (identified by the partition GUID), and once winload.efi is loaded, control is formally handed to winload.efi.
The first thing winload.efi does is build the page table and the PFN database from the physical memory information provided by GetMemoryMap of BootServices. It then loads ntoskrnl.exe, hal, all Boot-type drivers under system\service and the import libraries they need into memory; because this still happens in protected mode, the mapping information for these files has to be set up in the page table. After the files have been read, their signatures are verified. After this step, Windows further initializes the GDT and IDT, allocates the kernel stack in the page table, and initializes SYSTEMPTE. Finally it calls ExitBootServices to leave the boot phase, calls SetVirtualAddressMap to map the EFI portion of firmware memory into virtual memory, loads the page table base into the CR3 register, enables paging and jumps to KiSystemStartup in ntoskrnl.
Finally, after initialization is complete, the diskless driver relies on the PNP configuration driver module and pci.sys (which identifies the devices on the bus and installs the network card driver) to bring the network card through normal PnP; the C drive can then be loaded normally and the whole diskless boot is complete. The pci.sys file is an "NT plug and play PCI emulator" and is an important dll file in Windows systems.
The boot flow with the TPM enabled by default is as follows:
bootmgfw.efi -> winload.efi -> ntoskrnl.exe -> pci.sys (identify devices on bus and install network card driver) -> tpm -> PNP configuration driver module
Compared with the normal boot flow with the TPM not enabled, enabling the TPM changes the loading flow of the network card driver: the system identifies the network card and fails to install it before the PNP configuration driver module runs, and the PnP flow in the PNP configuration driver module is never triggered afterwards, so the system cannot boot without external intervention. Manually changing the TPM setting in the BIOS firmware restores the original behaviour, but it has to be done by hand on every client, which is cumbersome in the settings where diskless networks are used, such as network classrooms, enterprise internal LANs, internet cafes and hotels.
The following exemplary embodiment solves the problems described above (Windows cannot boot diskless when the motherboard has the TPM enabled, and disabling the TPM by hand to restore a normal boot is cumbersome):
Referring to fig. 1, fig. 1 illustrates a diskless starting server provided by an exemplary embodiment of the present invention, comprising a diskless starting program for a client to download, where the client has the TPM enabled by default;
when the diskless starting program is downloaded and executed by the client, it modifies the original LocateHandle subfunction under the BootServices function before performing any other operation;
the modification consists of creating a new LocateHandle subfunction and changing the address of the LocateHandle subfunction under the BootServices function to the address of the new LocateHandle subfunction;
the new LocateHandle subfunction contains all the contents of the original LocateHandle subfunction and adds one check: if the protocol being looked up is a TCG protocol, it returns that the TCG protocol is not supported; otherwise it executes the old LocateHandle subfunction.
Specifically, this exemplary embodiment focuses on the server side of the diskless system. The server stores the diskless starting program for the client to download; that is, the server provides read-write service for the disk image. The image initially holds only a stock operating system and contains no client hardware drivers (different clients may need different hardware drivers). At startup the client emulates a disk, and its data is read over the network from the disk image on the server.
When the diskless starting program is downloaded and executed by the client, the bootmgfw.efi step of the boot flow with the TPM enabled by default is not executed first; instead, the original LocateHandle subfunction under the BootServices function is modified before other operations are executed. LocateHandle is a function that the firmware BootServices must provide under the UEFI specification; the LocateHandle service function prototype is as follows:
This exemplary embodiment is concerned mainly with the globally unique identifier (GUID) of the specified Protocol; the protocol corresponding to the TPM is the TCG protocol. The modification according to the application is to create a new LocateHandle subfunction and change the address of the LocateHandle subfunction under the BootServices function to the address of the new LocateHandle subfunction; the new LocateHandle subfunction contains all the contents of the original LocateHandle subfunction and adds one check: if the protocol being looked up is a TCG protocol, it returns that the TCG protocol is not supported; otherwise it executes the old LocateHandle subfunction. Once the original LocateHandle subfunction has been modified, the system boot files that run afterwards (bootmgfw.efi and winload.efi) call the new LocateHandle subfunction under the BootServices function through the new address. When they probe for the TCG protocol they receive an invalid reply, so Windows concludes that the computer does not have the TPM enabled, does not start the TPM-related modules, and boots normally.
That is, without the modification of this exemplary embodiment the "boot flow with the TPM enabled by default" is followed and the system can only be started with manual handling; with the modification, the "normal boot flow with the TPM not enabled" is followed instead of the "boot flow with the TPM enabled by default".
If the address of the original LocateHandle subfunction is A and the address of the new LocateHandle subfunction is B, the modification changes the address of the LocateHandle subfunction under the BootServices function to B; when the new LocateHandle subfunction determines that the protocol being looked up is not a TCG protocol, it executes the function at address A, that is, the original LocateHandle subfunction.
And the new LocateHandle subfunction may be modified as follows:
In summary, this exemplary embodiment suits scenarios where the diskless system does not need trusted computing and the client has the TPM enabled by default; what is claimed is a server whose diskless starting program includes the instructions that modify the LocateHandle subfunction. After the client downloads the diskless starting program, the LocateHandle subfunction is modified before the normal boot flow runs, so the TPM is bypassed and trusted computing is not started in the operating system; the system boots directly without external intervention, and users do not have to change the default BIOS setting on each machine by hand.
It should be noted that in scenarios where trusted computing is not needed, other security measures may be built into the client itself (for example a firewall or antivirus software), so that the client itself is not at risk.
The reason for modifying the LocateHandle subfunction comes from reverse engineering how the TPM is loaded during startup; the three programs in "bootmgfw.efi -> winload.efi -> ntoskrnl.exe" were analyzed in turn, as follows:
(1) Reversing bootmgfw.efi shows the following TPM detection and loading flow:
BmMain->BlInitializeLibrary->InitializeLibrary->BlTpmpAcquireProtocol->EfiBootServices.LocateHandle
Decompiling InitializeLibrary shows that bootmgfw.efi first loads TPM 2.0 (BlTpmpAcquireProtocol(&BlTpmpTcg20Implementation)) and, when 2.0 is not available, loads TPM 1.2 (BlTpmpAcquireProtocol(&BlTpmpTcg12Implementation)).
The decompilation of BlTpmpAcquireProtocol looks like a conventional EFI call sequence: the protocol handle is looked up first, and the protocol is then opened.
The code of EfiLocateHandleBuffer shows that it calls the function at offset 0xB0 (176) in EFI Boot Services; in the EFI Boot Services table of the UEFI specification, that entry is the LocateHandle function.
(2) Reversing winload.efi shows the same TPM loading flow as bootmgfw.efi, except that it is reached through the BlpTpmInitialize function call:
Entry->BlInitializeLibrary->InitializeLibrary->BlpTpmInitialize
Reversed in the same way as bootmgfw.efi, the result is also the same: the call ends at the LocateHandle function of EFI Boot Services in UEFI.
(3) Finally, reversing ntoskrnl.exe shows that after entry into ntoskrnl.exe no similar loading action takes place (it no longer interacts with the UEFI environment); TPM functionality is provided by loading TPM.SYS.
The solution in this exemplary embodiment is therefore that bootmgfw.efi and winload.efi must be told there is no TPM; the diskless boot then proceeds smoothly to ntoskrnl.exe, and no additional handling is needed after entering ntoskrnl.exe.
Therefore the LocateHandle subfunction in the UEFI BootServices function table is replaced in the Boot loader so that, when the protocol GUID being located is a TCG protocol, bootmgfw.efi and winload.efi are told that it is not supported or that the lookup failed. The TPM is then not loaded, which avoids the situation in which the network card driver is loaded and installed before the PNP configuration driver module runs (in fact the installation fails, with configFlags = 32 (0x20)), the PnP that starts later does not perform the normal network card PnP, and the diskless system cannot start.
More preferably, in an exemplary embodiment, the protocol being looked up is a TCG protocol specifically when the protocol GUID being looked up is the TCG1.0 protocol GUID or the TCG2.0 protocol GUID.
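The pointer swap described above (original LocateHandle at address A, filter at address B) can be modelled in user space to show what boot components see through the table afterwards and what an integrity check on the table notices. This is an added example, not code from the patent: the simplified LocateHandle signature, the table layout, the helper names and the use of EFI_NOT_FOUND as the "not supported" reply are assumptions, and the two TCG GUID values come from the TCG EFI protocol specifications rather than from this page.

```c
/* Added illustration: user-space model of the A -> B pointer swap; not firmware code. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef uint64_t EFI_STATUS;
#define EFI_SUCCESS   ((EFI_STATUS)0)
#define EFI_NOT_FOUND ((EFI_STATUS)0x800000000000000EULL) /* error bit | 14 */
typedef struct { uint32_t d1; uint16_t d2, d3; uint8_t d4[8]; } EFI_GUID;

/* Protocol GUIDs as published in the TCG EFI protocol specifications. */
static const EFI_GUID TCG_GUID = {0xf541796d, 0xa62e, 0x4954,
    {0xa7, 0x75, 0x95, 0x84, 0xf6, 0x1b, 0x9c, 0xdd}};
static const EFI_GUID TCG2_GUID = {0x607f766c, 0x7455, 0x42be,
    {0x93, 0x0b, 0xe4, 0xd7, 0x6d, 0xb2, 0x72, 0x0f}};
/* Constructed GUID standing in for any non-TCG protocol. */
static const EFI_GUID OTHER_GUID = {0x11111111, 0x2222, 0x3333,
    {0x44, 0x44, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55}};

/* Simplified: the real LocateHandle also takes SearchType, SearchKey and a buffer. */
typedef EFI_STATUS (*LOCATE_HANDLE)(const EFI_GUID *protocol, size_t *count);

typedef struct {
    uint32_t      crc32;        /* models EFI_TABLE_HEADER.CRC32 */
    LOCATE_HANDLE LocateHandle; /* the slot the page locates at offset 0xB0 */
} BOOT_SERVICES;

static int guid_eq(const EFI_GUID *a, const EFI_GUID *b) {
    return memcmp(a, b, sizeof *a) == 0;
}

static uint32_t crc32_bytes(const void *data, size_t n) {
    const uint8_t *p = data;
    uint32_t c = 0xFFFFFFFFu;
    while (n--) {
        c ^= *p++;
        for (int k = 0; k < 8; k++)
            c = (c >> 1) ^ (0xEDB88320u & (0u - (c & 1u)));
    }
    return ~c;
}

/* In this model the header CRC covers the single function-pointer slot. */
static uint32_t table_crc(const BOOT_SERVICES *bs) {
    return crc32_bytes(&bs->LocateHandle, sizeof bs->LocateHandle);
}

/* Address "A": constructed firmware with the TPM enabled, so both TCG
 * protocols and one unrelated protocol have a handle installed. */
static EFI_STATUS firmware_locate_handle(const EFI_GUID *p, size_t *count) {
    int found = guid_eq(p, &TCG_GUID) || guid_eq(p, &TCG2_GUID) || guid_eq(p, &OTHER_GUID);
    *count = found ? 1 : 0;
    return found ? EFI_SUCCESS : EFI_NOT_FOUND;
}

static BOOT_SERVICES firmware_table(void) {
    BOOT_SERVICES bs = {0, firmware_locate_handle};
    bs.crc32 = table_crc(&bs);
    return bs;
}

static LOCATE_HANDLE original_locate_handle; /* saved address A */

/* Address "B": refuse the two TCG GUIDs, forward everything else to A. */
static EFI_STATUS filtered_locate_handle(const EFI_GUID *p, size_t *count) {
    if (guid_eq(p, &TCG_GUID) || guid_eq(p, &TCG2_GUID)) {
        *count = 0;
        return EFI_NOT_FOUND;
    }
    return original_locate_handle(p, count);
}

/* The swap the page describes; the recorded header CRC is left as it was. */
static void install_filter(BOOT_SERVICES *bs) {
    original_locate_handle = bs->LocateHandle;
    bs->LocateHandle = filtered_locate_handle;
}

/* Integrity check: does the table still match the CRC its header records? */
static int table_crc_ok(const BOOT_SERVICES *bs) {
    return table_crc(bs) == bs->crc32;
}

/* What a boot component calling through the table concludes about the TPM. */
static int tpm_visible(const BOOT_SERVICES *bs) {
    size_t n = 0;
    return bs->LocateHandle(&TCG2_GUID, &n) == EFI_SUCCESS ||
           bs->LocateHandle(&TCG_GUID, &n) == EFI_SUCCESS;
}

int main(void) {
    BOOT_SERVICES bs = firmware_table();
    printf("before: tpm_visible=%d crc_ok=%d\n", tpm_visible(&bs), table_crc_ok(&bs));
    install_filter(&bs);
    printf("after:  tpm_visible=%d crc_ok=%d\n", tpm_visible(&bs), table_crc_ok(&bs));
    return 0;
}
```

A CRC mismatch is a useful signal, but the header CRC is not authenticated, so a matching CRC does not by itself show that the table is untouched.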
In another exemplary embodiment of the present invention, there is provided a diskless boot client, which opens a TPM by default, including:
The diskless starting program downloading module is used for downloading the diskless starting program on the diskless starting server; the diskless starting program execution module is used for executing the downloaded diskless starting program;
The diskless startup procedure execution module includes:
Function modification submodule: when the diskless startup procedure is executed, the original LocateHandle subfunction under BootServices functions is modified and then other operations are executed; the modification mode is to establish a new LocateHandle subfunction and modify the address of the LocateHandle subfunction under the BootServices function to the address of the new LocateHandle subfunction; the new LocateHandle subfunction contains all the contents of the original LocateHandle subfunction, and increases the judgment: if the looked up protocol is the TCG protocol, returning to not support the TCG protocol, otherwise executing the old LocateHandle subfunctions.
As with the exemplary embodiment described above, in this exemplary embodiment, applicable to a scenario where the diskless system does not require trusted computing and the client defaults to turn on the TPM, it is the client that downloads and executes the diskless boot program including the modify LocateHandle subfunction execution command that is protected. When the client downloads the diskless starting program, the LocateHandle subfunctions are modified before the normal starting process is executed, so that the trusted computing is not started in the operating system after the TPM is bypassed, the system can be directly started under the condition of no external intervention, and a user does not need to singly and manually change the default BIOS setting.
More preferably, in an exemplary embodiment, the diskless startup program execution module further includes:
System default boot submodule: executes the system boot file after the original LocateHandle subfunction has been modified. While the system boot file is executing, the TCG protocol is looked up through the new LocateHandle subfunction, and once the response that the TCG protocol is not supported is received, no operations related to the TPM security chip are executed;
Kernel loading submodule: performs system initialization using the kernel program file after the system default boot submodule has finished executing;
Network card loading submodule: after the kernel loading submodule has finished executing, uses the PNP configuration driver module to drive the identification of devices on the bus and installs the network card driver.
Specifically, this exemplary embodiment discloses the further contents of the diskless startup program execution module, namely system boot, kernel loading and network card loading.
In a preferred exemplary embodiment, the system boot file includes a first system boot file bootmgfw.efi and a second system boot file winload.efi; bootmgfw.efi is executed first, and winload.efi is executed after it. Both bootmgfw.efi and winload.efi use the new LocateHandle subfunction. The two files behave as follows:
The first system boot file bootmgfw.efi first loads the BCD file and reads all boot entries from the BCD. If there are multiple boot entries and no default boot entry, a menu is displayed. When the user selects one of the entries, the boot manager reads the second system boot file winload.efi from the corresponding partition (identified by partition GUID); once winload.efi has been loaded, control is formally handed over to it.
The first thing the second system boot file winload.efi does is construct the page table and the PFN database from the physical memory information provided by GetMemoryMap of BootServices. It then loads into memory the kernel files ntoskrnl.exe and hal, all Boot-type drivers under system\service, and the import libraries they require; because execution is still in protected mode at this point, the mapping information for these files has to be established in the page table. After the files have been read, their signatures are verified. After this step, Windows further initializes the GDT and IDT, allocates the kernel stack in the page table, and initializes SYSTEMPTE. Finally, it calls ExitBootServices to leave the boot phase, calls SetVirtualAddressMap to map the EFI portion of the firmware memory into virtual memory, loads the page table base into the CR3 register, enables paging, and jumps to KiSystemStartup in the kernel file ntoskrnl.exe to enter the kernel and perform system initialization.
Finally, after initialization is complete, the network card loading stage involves the PNP configuration driver module, pci.sys and the network card driver. First, the diskless driver, through the PNP configuration driver module and pci.sys (which identifies devices on the bus and installs the network card driver), brings the network card up as a normal PNP device; the C drive can then be loaded normally, and the whole diskless startup is complete.
More preferably, in an exemplary embodiment, the condition that the protocol being looked up is a TCG protocol specifically means that the looked-up protocol GUID is the TCG1.0 protocol GUID or the TCG2.0 protocol GUID.
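The following example is added here and is not part of the patent text. It is a user-space C model of the table substitution described in this embodiment, written for a verifier that wants to notice it: the LocateHandle entry is compared against a recorded snapshot, and protocols known to be installed are checked to see whether they are still reported. All types, names, status codes and GUID values are stand-ins constructed for the example, and the existence of a trusted snapshot and of an independent protocol inventory is an assumption.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* User-space model: every type, name and value below is a stand-in made up
 * for this example, not a definition taken from the UEFI headers. */
typedef struct { uint8_t b[16]; } guid_t;
typedef int (*locate_fn)(const guid_t *protocol);
typedef struct { locate_fn locate_handle; } boot_services_t;

enum { ST_SUCCESS = 0, ST_UNSUPPORTED = 3, ST_NOT_FOUND = 14 };
enum { FIND_POINTER_CHANGED = 1, FIND_PROTOCOL_HIDDEN = 2 };

/* Constructed GUID values, NOT the real TCG protocol GUIDs. */
static const guid_t GUID_TCG1 = {{0x11, 0x01}};
static const guid_t GUID_TCG2 = {{0x22, 0x02}};
static const guid_t GUID_NET  = {{0x33, 0x03}};

/* Constructed inventory: protocols the firmware actually installed. */
static const guid_t *const installed[] = { &GUID_TCG2, &GUID_NET };
#define N_INSTALLED (sizeof installed / sizeof installed[0])

static int guid_eq(const guid_t *a, const guid_t *b) {
    return memcmp(a->b, b->b, sizeof a->b) == 0;
}

/* The firmware's own lookup: answers from the inventory. */
static int fw_locate_handle(const guid_t *protocol) {
    for (size_t i = 0; i < N_INSTALLED; i++)
        if (guid_eq(protocol, installed[i]))
            return ST_SUCCESS;
    return ST_NOT_FOUND;
}

/* Fixture with the behaviour the text describes: TCG lookups are answered
 * "unsupported", everything else is passed to the original function. */
static int filtering_locate_handle(const guid_t *protocol) {
    if (guid_eq(protocol, &GUID_TCG1) || guid_eq(protocol, &GUID_TCG2))
        return ST_UNSUPPORTED;
    return fw_locate_handle(protocol);
}

/* Build a table in its original state or with the entry replaced. */
boot_services_t make_table(int replaced) {
    boot_services_t bs;
    bs.locate_handle = replaced ? filtering_locate_handle : fw_locate_handle;
    return bs;
}

/* Verifier. `baseline` is the entry recorded before any downloaded image ran
 * (assumed to be available). Returns a bitmask of FIND_* values. */
int audit_locate_handle(const boot_services_t *bs, locate_fn baseline) {
    int findings = 0;
    /* 1. The table entry no longer points where the firmware put it. */
    if (bs->locate_handle != baseline)
        findings |= FIND_POINTER_CHANGED;
    /* 2. A protocol the inventory lists is no longer reported via the table. */
    for (size_t i = 0; i < N_INSTALLED; i++)
        if (bs->locate_handle(installed[i]) != ST_SUCCESS)
            findings |= FIND_PROTOCOL_HIDDEN;
    return findings;
}

int main(void) {
    boot_services_t clean = make_table(0), replaced = make_table(1);
    printf("original table: findings=%d\n",
           audit_locate_handle(&clean, fw_locate_handle));
    printf("replaced table: findings=%d\n",
           audit_locate_handle(&replaced, fw_locate_handle));
    return 0;
}
```

In this model the second check does not depend on the snapshot, so it still fires when the recorded baseline cannot be trusted, as long as the inventory comes from an independent source.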
Based on the same inventive concept as the foregoing exemplary embodiment, a further exemplary embodiment provides a diskless startup method for a diskless startup client, where the client has the TPM enabled by default, the method including the steps of:
Acquiring a diskless startup program from a diskless startup server;
Executing the diskless startup program;
Executing the diskless startup program specifically includes a function modification substep:
When the diskless startup program is executed, the original LocateHandle subfunction under the BootServices function is modified first, and other operations are executed afterwards. The modification consists of creating a new LocateHandle subfunction and changing the address of the LocateHandle subfunction under the BootServices function to the address of the new LocateHandle subfunction. The new LocateHandle subfunction contains everything in the original LocateHandle subfunction and adds one check: if the protocol being looked up is a TCG protocol, it returns that the TCG protocol is not supported; otherwise it executes the old LocateHandle subfunction.
As in the exemplary embodiment described above, this exemplary embodiment applies to a scenario in which the diskless system does not require trusted computing and the client has the TPM enabled by default. What is protected here is the diskless startup method in which the client downloads and executes the diskless startup program containing the command to modify the LocateHandle subfunction; the method may be specific to the processing manner of the processor. After the client downloads the diskless startup program, the LocateHandle subfunction is modified before the normal startup process is executed, so that the TPM is bypassed and trusted computing is not started in the operating system. The system can then start directly without external intervention, and the user does not need to change the default BIOS setting manually, machine by machine.
More preferably, in an exemplary embodiment, executing the diskless startup program further includes:
System default boot substep: after the function modification substep has been executed, the system boot file is executed. While the system boot file is executing, the TCG protocol is looked up through the new LocateHandle subfunction, and once the response that the TCG protocol is not supported is received, no operations related to the TPM security chip are executed;
Kernel loading substep: after the system default boot substep has been executed, system initialization is performed using the kernel program file;
Network card loading substep: after the kernel loading substep has been executed, the PNP configuration driver module is used to drive the identification of devices on the bus, and the network card driver is installed.
More preferably, in an exemplary embodiment, the system boot file includes a first system boot file bootmgfw.efi and a second system boot file winload.efi; bootmgfw.efi is executed first, and winload.efi is executed after it. Both bootmgfw.efi and winload.efi use the new LocateHandle subfunction.
More preferably, in an exemplary embodiment, the condition that the protocol being looked up is a TCG protocol specifically means that the looked-up protocol GUID is the TCG1.0 protocol GUID or the TCG2.0 protocol GUID.
A further exemplary embodiment of the present invention provides a diskless start-up device for a diskless start-up client, which has the same inventive concept as the above exemplary embodiment, and includes a memory and a processor, wherein the memory stores computer instructions executable on the processor, and the processor executes the steps of the diskless start-up method for a diskless start-up client when executing the computer instructions.
The electronic device is in the form of a general purpose computing device. Components of an electronic device may include, but are not limited to: the at least one processing unit, the at least one memory unit, and a bus connecting the different system components (including the memory unit and the processing unit).
Wherein the storage unit stores program code executable by the processing unit such that the processing unit performs steps according to various exemplary embodiments of the present invention described in the section "exemplary embodiments" above of the present specification.
The memory unit may include readable media in the form of volatile memory units, such as Random Access Memory (RAM) and/or cache memory units, and may further include Read Only Memory (ROM).
The storage unit may also include a program/utility having a set (at least one) of program modules including, but not limited to: an operating system, one or more application programs, other program modules, and program data, each or some combination of which may include an implementation of a network environment.
The bus may be one or more of several types of bus structures including a memory unit bus or memory unit controller, a peripheral bus, an accelerated graphics port, a processing unit, or a local bus using any of a variety of bus architectures.
The electronic device may also communicate with one or more external devices (e.g., keyboard, pointing device, bluetooth device, etc.), with one or more devices that enable a user to interact with the electronic device, and/or with any device (e.g., router, modem, etc.) that enables the electronic device to communicate with one or more other computing devices. Such communication may be through an input/output (I/O) interface. And, the electronic device may also communicate with one or more networks such as a Local Area Network (LAN), a Wide Area Network (WAN), and/or a public network, such as the Internet, through a network adapter. The network adapter communicates with other modules of the electronic device via a bus. It should be appreciated that other hardware and/or software modules may be used in connection with an electronic device, including but not limited to: microcode, device drivers, redundant processing units, external disk drive arrays, RAID systems, tape drives, data backup storage systems, and the like.
As will be readily appreciated by those skilled in the art from the foregoing description, the example embodiments described herein may be implemented in software, or may be implemented in software in combination with the necessary hardware. Accordingly, the technical solution according to the present exemplary embodiment may be embodied in the form of a software product, which may be stored in a non-volatile storage medium (may be a CD-ROM, a U-disk, a mobile hard disk, etc.) or on a network, and includes several instructions to cause a computing device (may be a personal computer, a server, a terminal device, or a network device, etc.) to perform the method according to the present exemplary embodiment.
A further exemplary embodiment of the present invention provides a storage medium having stored thereon computer instructions which, when executed, perform the steps of the diskless start-up method of a diskless start-up client as described above.
Based on this understanding, the technical solution of the present embodiment, in essence, or the part of it that contributes over the prior art, or a part of the technical solution, may be embodied in the form of a software product (program product) stored in a storage medium, comprising several instructions for causing a computer device (which may be a personal computer, a server, a network device, etc.) to execute all or part of the steps of the method described in the embodiments of the present invention.
The program product may employ any combination of one or more readable media. The readable medium may be a readable signal medium or a readable storage medium. The readable storage medium can be, for example, but is not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or a combination of any of the foregoing. More specific examples (a non-exhaustive list) of the readable storage medium would include the following: an electrical connection having one or more wires, a portable disk, a hard disk, random access memory (RAM), read-only memory (ROM), erasable programmable read-only memory (EPROM or flash memory), optical fiber, portable compact disk read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
The computer readable signal medium may include a data signal propagated in baseband or as part of a carrier wave with readable program code embodied therein. Such a propagated data signal may take any of a variety of forms, including, but not limited to, electro-magnetic, optical, or any suitable combination of the foregoing. A readable signal medium may also be any readable medium that is not a readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device.
Program code embodied on a readable medium may be transmitted using any appropriate medium, including but not limited to wireless, wireline, optical fiber cable, RF, etc., or any suitable combination of the foregoing.
Program code for carrying out operations of the present invention may be written in any combination of one or more programming languages, including an object oriented programming language such as Java, C++ or the like and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computing device, partly on the user's device, as a stand-alone software package, partly on the user's computing device, partly on a remote computing device, or entirely on the remote computing device or server. In the case of remote computing devices, the remote computing device may be connected to the user computing device through any kind of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or may be connected to an external computing device (e.g., connected via the Internet using an Internet service provider).
It is apparent that the above examples are given by way of illustration only and not by way of limitation, and that those of ordinary skill in the art may make other variations or modifications in various forms on the basis of the above description. It is neither necessary nor possible to enumerate all embodiments here. Obvious variations or modifications derived therefrom are contemplated as falling within the scope of the present invention.

Claims (10)

1. A diskless startup server, comprising a diskless startup program for download by a client, wherein the client has the TPM enabled by default; characterized in that:
when the diskless startup program is downloaded and executed by the client, the original LocateHandle subfunction under the BootServices function is modified first, and other operations are executed afterwards;
the modification consists of creating a new LocateHandle subfunction and changing the address of the LocateHandle subfunction under the BootServices function to the address of the new LocateHandle subfunction;
the new LocateHandle subfunction contains everything in the original LocateHandle subfunction and adds one check: if the protocol being looked up is a TCG protocol, it returns that the TCG protocol is not supported; otherwise it executes the old LocateHandle subfunction.
2. The diskless startup server of claim 1, wherein: the condition that the protocol being looked up is a TCG protocol specifically means that the looked-up protocol GUID is the TCG1.0 protocol GUID or the TCG2.0 protocol GUID.
3. A diskless startup client, which has the TPM enabled by default, comprising:
a diskless startup program download module, used for downloading the diskless startup program from the diskless startup server; and a diskless startup program execution module, used for executing the downloaded diskless startup program;
characterized in that: the diskless startup program execution module includes:
a function modification submodule: when the diskless startup program is executed, the original LocateHandle subfunction under the BootServices function is modified first, and other operations are executed afterwards; the modification consists of creating a new LocateHandle subfunction and changing the address of the LocateHandle subfunction under the BootServices function to the address of the new LocateHandle subfunction; the new LocateHandle subfunction contains everything in the original LocateHandle subfunction and adds one check: if the protocol being looked up is a TCG protocol, it returns that the TCG protocol is not supported; otherwise it executes the old LocateHandle subfunction.
4. A diskless startup client as recited in claim 3, wherein: the diskless startup program execution module further includes:
a system default boot submodule: executes the system boot file after the original LocateHandle subfunction has been modified; while the system boot file is executing, the TCG protocol is looked up through the new LocateHandle subfunction, and once the response that the TCG protocol is not supported is received, no operations related to the TPM security chip are executed;
a kernel loading submodule: performs system initialization using the kernel program file after the system default boot submodule has finished executing;
a network card loading submodule: after the kernel loading submodule has finished executing, uses the PNP configuration driver module to drive the identification of devices on the bus and installs the network card driver.
5. The diskless startup client of claim 4, wherein: the system boot file includes a first system boot file bootmgfw.efi and a second system boot file winload.efi; bootmgfw.efi is executed first, and winload.efi is executed after it; both bootmgfw.efi and winload.efi use the new LocateHandle subfunction.
6. A diskless startup client as recited in claim 3, wherein: the condition that the protocol being looked up is a TCG protocol specifically means that the looked-up protocol GUID is the TCG1.0 protocol GUID or the TCG2.0 protocol GUID.
7. A diskless startup method for a diskless startup client, the client having the TPM enabled by default, the method comprising the steps of:
acquiring a diskless startup program from a diskless startup server;
executing the diskless startup program;
characterized in that: executing the diskless startup program specifically includes a function modification substep:
when the diskless startup program is executed, the original LocateHandle subfunction under the BootServices function is modified first, and other operations are executed afterwards; the modification consists of creating a new LocateHandle subfunction and changing the address of the LocateHandle subfunction under the BootServices function to the address of the new LocateHandle subfunction; the new LocateHandle subfunction contains everything in the original LocateHandle subfunction and adds one check: if the protocol being looked up is a TCG protocol, it returns that the TCG protocol is not supported; otherwise it executes the old LocateHandle subfunction.
8. The diskless startup method of a diskless startup client of claim 7, wherein: executing the diskless startup program further includes:
a system default boot substep: after the function modification substep has been executed, the system boot file is executed; while the system boot file is executing, the TCG protocol is looked up through the new LocateHandle subfunction, and once the response that the TCG protocol is not supported is received, no operations related to the TPM security chip are executed;
a kernel loading substep: after the system default boot substep has been executed, system initialization is performed using the kernel program file;
a network card loading substep: after the kernel loading substep has been executed, the PNP configuration driver module is used to drive the identification of devices on the bus, and the network card driver is installed.
9. The diskless startup method of a diskless startup client of claim 8, wherein: the system boot file includes a first system boot file bootmgfw.efi and a second system boot file winload.efi; bootmgfw.efi is executed first, and winload.efi is executed after it; both bootmgfw.efi and winload.efi use the new LocateHandle subfunction.
10. The diskless startup method of a diskless startup client of claim 7, wherein: the condition that the protocol being looked up is a TCG protocol specifically means that the looked-up protocol GUID is the TCG1.0 protocol GUID or the TCG2.0 protocol GUID.
CN202211430477.4A 2022-11-15 2022-11-15 Diskless starting server, client and starting method Pending CN118093025A (en)

Publications (1)

Publication Number Publication Date
CN118093025A true CN118093025A (en) 2024-05-28

Family

ID=91142736

Country Status (1)

Country Link
CN (1) CN118093025A (en)

Legal Events

Date Code Title Description
PB01 Publication